Automatic Detection of HTTP Injection Attacks using Convolutional Neural Network and Deep Neural Network

Abstract: HTTP injection attacks are well known cyber security threats with fatal consequences. These attacks initiated by malicious entities (either human or computer) send dangerous or unsafe malicious contents into the parameters of HTTP requests. Combatting injection attacks demands for the development of Web Intrusion Detection Systems (WIDS). Common WIDS follow a rule-based approach or a signature-based approach which have the common problem of high false-positive rate (wrongly classifying malicious HTTP requests)… Show more

“…The authors achieved a detection rate of 84.13% in model tests performed on the ECML-PKDD dataset. In another similar web anomaly study [11], the authors showed that the classification performances are increased by using the word embedding method in single deep learning models based on CNN and DNN. However, the weighted average of detection rates for attack types in tests performed on ECML-PKDD is calculated as 84.0% [11].…”

“…In another similar web anomaly study [11], the authors showed that the classification performances are increased by using the word embedding method in single deep learning models based on CNN and DNN. However, the weighted average of detection rates for attack types in tests performed on ECML-PKDD is calculated as 84.0% [11]. This demonstrates that a single model cannot achieve sufficient success in classifying web attack types.…”

“…In the field of web security, intrusion detection is carried out with four different approaches derived from the two main methods given above. These are signature-based (misuse) [4,5,7,8], anomaly-based [9][10][11][12][13], policybased [14], and hybrid attack detection systems [15]. The advantages, disadvantages, and challenges of the WAF approaches are presented in Table 1.…”

“…The advantages, disadvantages, and challenges of the WAF approaches are presented in Table 1. Failing in detecting newly emerging attacks; Bypassing using encoding techniques [13] Updating the signature database Anomalybased WAFs [9][10][11][12][13] Effective in detecting known and newly emerging attacks High FP rate; high variance (overfitting) and high bias (underfitting) [16] Feature extraction and selection; Generalization for real-world Policybased WAFs [14] Elimination of the disadvantages of signature and anomalybased systems Vulnerabilities due to incorrect sequencing of policies [14] Requirement for domain experts, Difficulties in the operation of policies at large-scale systems Hybrid WAF systems [15] Combining the power of signature-based and anomaly-based systems The disadvantages of signature-based and anomaly-based systems Requirement for domain experts to the management of security rules [15] Two different web security studies have been carried out by Nguyen et al [9,10], one of which is based on feature selection, and the other is based on an ensemble model, using different traditional machine learning algorithms. The authors [10] developed WAF models based on generic feature selection (GeFS) and different machine learning.…”

“…One of the important reasons for the low accuracy rate in the study[13] is the use of N-gram based feature extraction, which does not include semantic representations. When the results in the study conducted by Odumuyiwa et al[11] are examined in detail, the weighted average detection rate of the single classifier CNN model for attack types remains at 84.0%. Thus, it is seen that even if deep learning is used, attack types cannot be detected with high sensitivity with a single algorithm-based classifier, and high bias occurs due to an imbalanced dataset.In our study, this rate is improved to reach 99.81% for binary-class.…”

Two Stage Deep Learning Based Stacked Ensemble Model for Web Application Security

“…The authors achieved a detection rate of 84.13% in model tests performed on the ECML-PKDD dataset. In another similar web anomaly study [11], the authors showed that the classification performances are increased by using the word embedding method in single deep learning models based on CNN and DNN. However, the weighted average of detection rates for attack types in tests performed on ECML-PKDD is calculated as 84.0% [11].…”

“…In another similar web anomaly study [11], the authors showed that the classification performances are increased by using the word embedding method in single deep learning models based on CNN and DNN. However, the weighted average of detection rates for attack types in tests performed on ECML-PKDD is calculated as 84.0% [11]. This demonstrates that a single model cannot achieve sufficient success in classifying web attack types.…”

“…In the field of web security, intrusion detection is carried out with four different approaches derived from the two main methods given above. These are signature-based (misuse) [4,5,7,8], anomaly-based [9][10][11][12][13], policybased [14], and hybrid attack detection systems [15]. The advantages, disadvantages, and challenges of the WAF approaches are presented in Table 1.…”

“…The advantages, disadvantages, and challenges of the WAF approaches are presented in Table 1. Failing in detecting newly emerging attacks; Bypassing using encoding techniques [13] Updating the signature database Anomalybased WAFs [9][10][11][12][13] Effective in detecting known and newly emerging attacks High FP rate; high variance (overfitting) and high bias (underfitting) [16] Feature extraction and selection; Generalization for real-world Policybased WAFs [14] Elimination of the disadvantages of signature and anomalybased systems Vulnerabilities due to incorrect sequencing of policies [14] Requirement for domain experts, Difficulties in the operation of policies at large-scale systems Hybrid WAF systems [15] Combining the power of signature-based and anomaly-based systems The disadvantages of signature-based and anomaly-based systems Requirement for domain experts to the management of security rules [15] Two different web security studies have been carried out by Nguyen et al [9,10], one of which is based on feature selection, and the other is based on an ensemble model, using different traditional machine learning algorithms. The authors [10] developed WAF models based on generic feature selection (GeFS) and different machine learning.…”

“…One of the important reasons for the low accuracy rate in the study[13] is the use of N-gram based feature extraction, which does not include semantic representations. When the results in the study conducted by Odumuyiwa et al[11] are examined in detail, the weighted average detection rate of the single classifier CNN model for attack types remains at 84.0%. Thus, it is seen that even if deep learning is used, attack types cannot be detected with high sensitivity with a single algorithm-based classifier, and high bias occurs due to an imbalanced dataset.In our study, this rate is improved to reach 99.81% for binary-class.…”

Two Stage Deep Learning Based Stacked Ensemble Model for Web Application Security

An Extensive Study to Devise a Smart Solution for Healthcare IoT Security Using Deep Learning

Detecting Malicious HTTP Requests Without Log Parser Using RequestBERT-BiLSTM